Install and configure directory service
Installation and configuration steps:
Install directory service
The Entrust Certificate Authority requires an LDAP (Lightweight Directory Access Protocol) compliant directory service or a third-party LDAP-compliant X.500 directory. A remote OpenLDAP directory service with a self-signed certificate was used in this integration. See PSIC-Entrust Certificate Authority x for the list of directory services supported.
- Install the required directory service.
- Add the following firewall rule if accessing a directory on another server:
  firewall-cmd --add-port=389/tcp
Configure directory service
The Entrust Certificate Authority directory schema configuration is described in Entrust Certificate Authority 10.0 Documentation Suite - Issue x.
- Implement the configuration corresponding to your directory service. The following directory service parameters are used in this integration:
  - Top Level DN: dc=entrustsm,dc=local
  - CA Directory Location: ou=CAentry,dc=entrustsm,dc=local
  - Directory Administrator: cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local
  - First Officer: cn=FirstOfficer,ou=CAentry,dc=entrustsm,dc=local
- Test access to the directory service:

[root@entrust-sm-linux ~]# ldapsearch -x -H ldap://<Name_or_IP> -D "cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local" -b "cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local" -s sub -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# EntrustAdmin, CAentry, entrustsm.local
dn: cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: entrustadmin
sn: Administrator
userPassword:: e1NTSEF9dll6U0huV2w3Wm90MFJPTTFDbVhzVjIycHhyckkvREw=
description: Certificate Authority Directory Administrator
cn: EntrustAdmin

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
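As an added example (not part of the Entrust documentation), the Python below parses the LDIF that ldapsearch returns and checks two things a practitioner wants to confirm before pointing the CA at the directory: that the CA Directory Location, Directory Administrator and First Officer entries all exist, and that each userPassword is stored with a hash scheme prefix (as the {SSHA} value above is) rather than in the clear. The sample LDIF is constructed to stand in for a subtree search of ou=CAentry, and the names REQUIRED_DNS, parse_ldif and check_directory are chosen here.

```python
import base64

# Constructed sample, not captured output: what ldapsearch prints for the three CA entries, with
# the blank and folded lines real LDIF has. FirstOfficer is deliberately left unhashed to be flagged.
SAMPLE_LDIF = """dn: ou=CAentry,dc=entrustsm,dc=local

dn: cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local
userPassword:: e1NTSEF9dll6U0huV2w3Wm90MFJPTTFDbVhzVjIycHhyckkvREw=
description: Certificate Authority Directory Admin
 istrator
cn: EntrustAdmin

dn: cn=FirstOfficer,ou=CAentry,dc=entrustsm,dc=local
userPassword: changeme
cn: FirstOfficer

search: 2
result: 0 Success
"""
REQUIRED_DNS = (
    "ou=CAentry,dc=entrustsm,dc=local",                  # CA Directory Location
    "cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local",  # Directory Administrator
    "cn=FirstOfficer,ou=CAentry,dc=entrustsm,dc=local",  # First Officer
)

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; '::' marks a base64 value, a blank line ends an entry."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold LDIF continuation lines
        if not line.strip():
            current = None  # entry finished; trailing 'search:'/'result:' lines are not attributes
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue  # ldapsearch comment or malformed line
        value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace") if value.startswith(":") else value.strip()
        if attr == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries

def check_directory(entries):
    """Flag required entries that are missing and userPassword values with no {SCHEME} prefix."""
    findings = [f"missing entry: {dn}" for dn in REQUIRED_DNS if dn not in entries]
    for dn, attrs in entries.items():
        for pw in attrs.get("userPassword", []):
            if not (pw.startswith("{") and "}" in pw):  # expect {SSHA}..., {CRYPT}..., etc.
                findings.append(f"cleartext userPassword: {dn}")
    return findings
```

Feed it the output of a real subtree search (ldapsearch -b "ou=CAentry,dc=entrustsm,dc=local" -s sub, bound as the Directory Administrator) and an empty findings list means the entries are in place and no password is held in cleartext.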